We Recommend

Accelerated C# 2008
This book is both a rapid tutorial and a permanent reference. You’ll quickly master C# syntax while learning how the CLR simplifies many programming tasks. You’ll also learn best practices that ensure your code will be efficient, reusable, and robust. Why spend months or years discovering the best ways to design and code C# when this book will show you how to do things the right way, right from the start?

Posted By

jags_sonawane on 02/14/08

Tagged

sql injection

Versions (?)

String Validation for Sqlinjection

Published in: C#

Plain TextExpand

public bool InvalidChars(string sInput)
 {
     bool functionReturnValue = false;
 
     //Declare variables
 
     object sBadChars;
     object iCounter;
 
     //Set functionReturnValue to False
 
     functionReturnValue = false;
 
     //Create an array of invalid characters and words
 
     sBadChars = array("select", "drop", ";", "--", "insert", "delete", "xp_", "#", "%", 
 
"&",
     "'", "(", ")", "/", "\\", ":", ";", "<", ">", "=",
     "[", "]", "?", "`", "|");
 
     //Loop through array sBadChars using our counter & UBound function
 
     for (iCounter = 0; iCounter <= Information.uBound(sBadChars); iCounter++) {
 
         //Use Function Instr to check presence of illegal character in our variable
 
         if (Strings.Instr(sInput, sBadChars(iCounter)) > 0) {
 
             functionReturnValue = true;
 
         }
 
     }
     return functionReturnValue;
 
 }

Report this snippet

Comment:

You need to login to post a comment.

We Recommend

Posted By

Tagged

Versions (?)

String Validation for Sqlinjection

Choose a language for easy browsing: